Google Introduces ‘Air-Gapped’ Backup Vault to Thwart Ransomware
“It’s critical to not only back up your critical workloads, but also to secure those backups against subsequent modification and deletion.”
Google has fitted a new backup storage vault feature into its flagship cloud service to help organizations protect backed-up data from crippling ransomware attacks.
The new feature is promising immutable (preventing modification) and indelible (preventing deletion) backups, securing data backups against tampering and unauthorized deletion
The new utility, being added to the Google Cloud Backup and Disaster Recovery (DR) service, is meant to combat ransomware attacks that target backed-up data during encryption and extortion cyberattacks.
“Backups often represent the last resort for recovery when production data becomes unavailable or untrusted,” Google said in a note describing the feature. “It’s critical to not only back up your critical workloads, but also to secure those backups against subsequent modification and deletion. Backup vault provides secure storage for backups.”
The company said backup vault data is stored in a Google-managed project and is logically air-gapped from an organization’s self-managed Google Cloud project.
“The underlying backup vault resources are not visible or accessible to users in your organization, which prevents direct attacks against those resources,” Google said.
“When creating a backup vault, you can specify that vaulted backups must be strongly secured against modification and deletion until the administrator-specified minimum enforced retention timeframe has elapsed. This layered protection enables you to deliver on backup immutability (security against data modification) and indelibility (security against data deletion) objectives, which are often driven by security initiatives or by regulatory compliance requirements,” Google added.
The company touted reliable and flexible recovery of data via vaulted backups that are self-contained and enable recovery even when the source resource is no longer available.
“Backup vaults can be created in a project that differs from the source project (e.g., the project where a protected Compute Engine VM is running), thus ensuring that backups remain accessible even if the source project or resource is no longer present. As a result, you can configure your backup policy to provide strong resilience against source project deletion,” the cloud provider said.
The new utility also supports immediate recovery of production applications to pre-existing or newly-created projects, including recovery into projects configured as isolated recovery environments (IREs) for pre-recovery testing/forensics in the aftermath of a ransomware attack.
The backup vault feature supports protection for Compute Engine VMs, VMware Engine VMs, Oracle databases, and SQL Server databases.
Related News
Despite Fed Cuts, Many Store Credit Cards Are Still Charging Extreme Interest Rates
The findings from the Consumer Financial Protection Bureau shed light on impacts to consumers who rely on major retailers’ credit programs. The Consumer Financial Protection Bureau found that 19% of…
U.S. Regulator’s ‘Problem Bank’ List Grows as Industry Profits Dip
A top U.S. bank regulator added two banks to its so-called “problem bank” list in the third quarter, while overall industry profits dipped 8.6%, the regulator said. The Federal Deposit…
Dec. 20: CFPB Recent Updates
Published DEC 20, 2024 CFPB Sues JPMorgan Chase, Bank of America, and Wells Fargo for Allowing Fraud to Fester on Zelle Today, the Consumer Financial Protection Bureau (CFPB) sued the operator…